cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
416
Views
0
Helpful
5
Replies

Two ASAs in a network

shijomon scaria
Level 1
Level 1

I need to install two ASAs, one with AIP-SSM module and other with CSC-SSM in the same network. Is it possible? If so how can i connet the two devices together.

5 Replies 5

rleivaoc
Cisco Employee
Cisco Employee

You can if you are not planning on using failover, since both unit need to report the same hardware type.

Here is the link that details the failover requirements:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807dac5f.shtml#failgi

Thank you sir,

can u please specify the physical connection details..... Actually i need to pass the traffic through both the devices one after another to get the IPS and Anti X features.... Then how should i connet both the devices together??

Well, if you are thinking about stacking both devices like so:

ISP-----Out-ASA/IPS-In---Out-ASA/CSC----inside

You can, but you are going to need to think about the overhead the IPS and CSC module scanning is going to create. In addition, you are going to create a more complex configuration on both units for traffic to pass. However, you can limit this by turning off NAT-CONTROL on both units, but, this will create some security concerns.

I hope this helps

So as u said i can connet both devices back to back, from one's any port to other's any port, isnt it..??

Like

ISP <--> ASA1 GE0

ASA1 GE1 <--> ASA2 GE0

ASA2 GE1 <--> Inside

onlyabhishek007
Level 1
Level 1

u can use the on firewall as a routing device and another firewall as a tranparent mode. so the network diagram like

ISP-----> ASA (csc) --------> ASA (aip) transparent ---------> switch

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: